Jeremy French's questions

With SHA1 certs being deprecated by major browsers it seems wise to get a SHA2 signed cert. But in doing so you will be locking out IE6 users. While for most people this won't be an issue in some cases it may lock out significant users.

Looking at the SSL handshake the client sends details of what it supports.

So in theory a server could send a certificate that the client will support. Newer browsers would get a SHA2 signed one and older ones SHA1.

However it doesn't look like there are any ways do do this with nginx configuration. While you can set versions of cyphers and protocols you can't have any logic to determine how to behave with different client configurations.

Ia there a way to server a different certificate depending on what the client supports?

I have most of a dynamic dns set up working. I can manually update the DNS entries using nsupdate and my dhcpd.conf file will attempt to set the DNS entries.

However this fails as I don't have bind running on a standard port, I have unbound running on port 53 so I get the error.

dhcpd: Unable to add forward map from XXX to 192.168.0.19: NOTIMP

which is expected.

What I would like to do is get dhcpd to be able to talk to my bind server on the non standard port.

I have tried

zone myzone. {
   primary 192.168.0.125:5252;
}

and

zone myzone. {
   primary 192.168.0.125 5252;
}

and

zone myzone. {
   primary 192.168.0.125;
   port 5252;
}

None of which seem to work.

is there a way to specify a port for the DNS server?

I am updating on the same machine so I'm not using zone files, but I know the updates can work if on the correct port because of testing with nsupdate.

I'm trying to set up a balanced cluster with mod_proxy_balancer.

I followed the example line from here to set a cookie. I have had to tweak it as the environment is not stable so not every request will return a 200 code.

Header always add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e;
<Proxy balancer://cluster>
    BalancerMember http://server1.example.com route=share2
    BalancerMember http://server2 example.com route=share1

</Proxy>
ProxyPass /balancer balancer://cluster/ stickysession=JSESSIONID|jsessionid nofailover=On
ProxyPassReverse /balancer balancer://cluster/

(I know the stickysession != ROUTEID, but that is for reasons outside the scope of this question)

So on my local dev box I get

Set-Cookie  ROUTEID=.share1;

as one of the response headers, which is what I would expect.

However in the test environment, I get

 Set-Cookie: ROUTEID=.(null);

I don't know how it can be (null), and what I can do to stop it being null. Is there something the downstream server can do to stop the ROUTEID being set? Or is there some other config option which could be blocking it?

I am working on a site, which is going to allow downloads to users, there will be around 2,000,000 files which can be downloaded.

We want to discourage people from crawling and taking all of these documents so would like to limit the number of requests we server containing a URL pattern over a certain time limit. We are happy for the rest of the site to be crawled so don't want to limit that.

We are putting an exclusion in robots.txt to discourage crawlers from getting the files. we are more worried about malicious or misbehaving crawlers.

We would like to use apache to limit the number of downloads of the documents to about 1 per minute per ip address.

Is there a best practice way to do this?

we are using Centos with apache2.2

There are a lot of similar questions to this but most of them seem to center on bandwidth limiting which is not what I want.

I am a developer who is used to being able to test and debug code.

Occasionally I have to make changes to our load balancer configuration. As far as I can see, if I mess this up it could stop the whole site working, but we don't have a way to test it off-line.

How do people test such things? I was hoping there would be some sort of emulator that I could use. Or is it possible to have a second configuration for testing?

I would like to be as confident in the changes I make to the load balancer as I am to the changes I make to my code. Does anyone have a test suite they use for testing their load balancer?

update

We are in the process of moving from one back end to another, and we are redirecting users based on the url.

I copied a large zip file to a Linux server, I didn't realise at the time that it was a 7zip file.

After some messing around I installed 7zip with "yum install p7zip" however when I try to extract the archive with

7za -x ./myarchive.zip

I get the following output

7-Zip (A) 4.61 beta Copyright (c) 1999-2008 Igor Pavlov 2008-11-23 p7zip Version 4.61 (locale=C,Utf16=off,HugeFiles=on,1 CPU)

Error: Incorrect command line

Google is not my friend with this error, so I thought that I would try here. Debated as to if this should be SF or SU, but as it is not my computer I think it is SFs' domain.

I have some network cable laid, but no sockets as yet. I have done a quick google, and have not had much luck with explanations (other than on the hyphen site).

Is there a good, comprehensive guide to how to wire up Ethernet sockets, any advice would also be greatly appreciated as it sounds like a bit of a nightmare.

I am trying to import a MySQL dump file.

The file was created on a Linux server, I am trying to import on windows

I logged into the command line and ran:

SOURCE c:/dump.sql

But this seems to have thrown up some character set problems (specifically with smart quotes and other non standard punctuation).

It was suggested to me that I run:

mysql -u username -d dbase < c:\dump.sql

When I try this I get the error

ERROR 2006 (HY000) at line 149351: MySQL server has gone away

A bit of googling suggested that this was to do with the max_allowed_packet switch but I have tried this and it hasn't worked. Has anyone any idea what this could be?

If anyone has a suggestion about the character set issue that would be helpful too.

I am trying to import a large MySQL dump file and am getting a consistent error on a certain line 149,351 (out of 4207442). I would like to see what that line is.

The best way I have found to do this is like this:

head -149351 dump.sql | tail

However, this is very slow. I tried loading the file in vi, but it wasn't able to handle a file that big. I am on Windows XP and have cygwin.